From espionage to cryptojacking, the French cybersecurity agency acted on nearly 2,000 threat reports last year
During 2018, attackers were increasingly targeting critical infrastructure sectors such as defense, healthcare, and research, the Paris-based agency says.
Meanwhile, the number of indirect attacks rose, along with the number of attacks aimed at influence or destabilization. There were also “numerous” cryptojacking attacks and cases of online fraud.
Altogether, ANSSI acted on 1,869 security threat reports last year, including 16 “major incidents”.
“First, attackers are increasingly exploiting the trusted relationships built between partners to access the information they seek,” said ANSSI director general Guillaume Poupard.
“Secondly – and this is the most worrisome – very organized groups are preparing what appear to be tomorrow’s conflicts by infiltrating the infrastructures of the most critical systems.”
Attacks and defense
Since 2013, France’s Critical Infrastructures Information Protection (CIIP) framework has laid down a common minimum level of cybersecurity for all critical operators, while giving ANSSI powers to support them in the event of a cyber-attack.
And, says Poupard, decision-makers are increasingly taking the threat seriously.
However, according to Gerome Billois, cybersecurity consultant at Wavestone and board member of the French security association CLUSIF, France’s economic structure means that it faces different vulnerabilities from much of the rest of Europe.
“We’re not like other European countries – we have very large companies that have most of the economic impact of the country, and we also have lots of very small companies. We are missing the medium-sized enterprises,” he tells The Daily Swig.
“With the small ones, we have large difficulties in, first, making them aware of the risk and then giving them the ability to take action, because they don’t have the IT experts, they don’t have the cyber experts, and cybersecurity products are very specific for large enterprises and budgets.”
As around 80% of the French workforce is accounted for by these small and medium-sized enterprises (SMEs), Billois says, this could be a big problem if there is a major security incident.
The security expert said he would like to see the expansion of the Cyber Malveillance program, which is aimed at helping SMEs stay protected.
During the year, says Poupard, national and international cooperation has been key.
“The Appel de Paris [Paris Call for Trust and Security in Cyberspace], the Cybersecurity Act, sectoral cooperation agreements, and the agency’s contribution towards the open source community are all perfect examples of this,” he says.
“Agreeing at international level on what is permitted and what is not in cyberspace is vital.”
Billois says that, from CLUSIF’s point of view, international cooperation is effective, particularly when it comes to improving a nation’s technical defenses.
“There are lots of initiatives with countries who are allies of friends of friends,” he says.
“The issue is mainly the delay when we need an urgent cooperation. I mean, the doors are open, we work with the Germans, there are a few initiatives with all the European countries.
“There is cooperation with the UK, with the NCSC, a lot with the US and even Israel, and so on. But the main problem is the delay when we need to have cooperation between police forces. Cyber needs to be fast.”
Cooperation with private companies is also improving. ANSSI published a strategic review of cyber defense (PDF) last year, aiming to specify the responsibilities of private firms. It also created a cyber crisis coordination center.
However, the agency believes that some areas of legal uncertainty remain, particularly a lack of obligation on the part of private stakeholders to design and maintain state-of-the-art security solutions.
Overall, though, ANSSI said there was a big increase in public-private cooperation in terms of cybersecurity during 2018.
And this seems set to continue: just a few days ago, antivirus maker Avast and the French National Gendarmerie announced that they had teamed up to bring down a botnet of 850,000 computers infected with the Retadup malware.
“The Gendarmerie has a dedicated cyber taskforce where they were able to take control of a command-and-control server of a big botnet, and it’s the first time they were able to give orders to the botnet to clean the computers,” says Billois.
“It’s a very good example of collaboration between the public and private sector.”